You got hacked mate! This happened to me once. Really hard to get the code out of them but apparently they were sending out spam emails. It has a $_POST somewhere in there and mail. So whatever content, emails etc they post and it will send the emails from your server.
If you are on a VPN, be sure to check for these spam emails otherwise your IP will be blacklisted.
This generally happens due to a badly coded plugin.
The only solution is to restore a backup of the files or clean each of these files manually. But be sure to check all the plugin for unsafe or non standard code.
Good luck!
